NCSC investigates after hackers compromised one of the world’s top biology labs at Oxford University, which has been researching coronavirus
The callous actions of modern-day hackers have been exposed again, after Oxford University reportedly confirmed a cyber incident.
Oxford University confirmed on Thursday it had detected and isolated an incident at the Division of Structural Biology (known as “Strubi”), after Forbes disclosed that hackers were showing off access to a number of systems.
It is reported that the Strubi Lab is where renowned professors have been researching how to counter the Covid-19 pandemic, and the systems compromised included machines used to prepare biochemical samples.
The University told Forbes it couldn’t comment further on the scale of the breach, but confirmed it had contacted the National Cyber Security Centre (NCSC), a branch of the British intelligence agency GCHQ, which will now investigate the attack.
“We have identified and contained the problem and are now investigating further,” an Oxford University spokesperson was quoted as saying. “There has been no impact on any clinical research, as this is not conducted in the affected area. As is standard with such incidents, we have notified the National Cyber Security Centre and are working with them.”
The British Information Commissioner’s Office has also been informed, according to the spokesperson, who added that the affected systems didn’t contain any patient data and there was no impact on patient confidentiality.
“We are aware of an incident affecting Oxford University and are working to fully understand its impact,” a spokesperson with the NCSC said.
Forbes reported that it had been alerted to the breach by Hold Security chief technology officer Alex Holden, who provided screenshots of the hackers’ access to Oxford University systems.
They reportedly showed interfaces for what appeared to be possible lab equipment, with the ability to control pumps and pressure. There were also times and dates on the Windows-based controls, and dates of 13 and 14 February were displayed, meaning the intrusion continued until a couple of weeks ago.
Forbes reported that the Oxford spokesperson confirmed the hacked machines were used to purify and prepare biochemical samples, such as proteins, that are made in the laboratory for fundamental research.
Such samples have been used in the lab’s coronavirus research, the spokesperson confirmed.
It should be noted that the Strubi Lab was not directly involved in the development of the Oxford University-AstraZeneca vaccine, which is the domain of the Oxford Vaccine Group and Jenner Institute.
That said, Strubi’s scientists have been heavily involved in researching how Covid-19 cells work and how to stop them causing harm, Forbes reported. That includes studies on potential future vaccine candidates.
Security experts were quick to condemn this latest cyberattack in the strongest possible terms.
“The reported hacking of an Oxford University biolab by threat actors is another gutless and abhorrent act by cyber criminals,” said Sam Curry, chief security officer at Cybereason. “Due to the magnitude of the Covid-19 pandemic, and the fact that nearly 3 million people have died from the virus worldwide, I categorise this latest breach as an act of cyber terrorism.”
“In the perfect world, loathsome groups like this would be brought to justice to face severe punishment,” said Curry. “Unfortunately, we don’t live in a perfect world, and cyber gangs will continue to carry out these attacks because time and time again they are successful.”
“Oftentimes, these gangs are working as contractors for nation-states and by gaining access to the proprietary information Oxford’s researchers have likely spent months working on, they will see a big payday,” added Curry.
“The good news is that the security researcher stepped forward to disclose this latest intrusion and that Oxford can simultaneously assess the damage and stop further exfiltration,” he said. “In the future, collaborative efforts like this will enable cyber defenders to be perched on higher ground than attackers making it much easier to stop future terrorist attempts.”
Nation state buyers
Another security expert pointed out that while the hackers may not have been nation-state actors, the eventual buyer of any stolen data could potentially be a rogue nation.
“Vaccine data will still demand a strong price to the highest bidder, and threat actors will have likely attempted to gain entry multiple times since the vaccine programme began,” said Jake Moore, cybersecurity specialist at ESET.
“Although not necessarily a nation state actor who attempted the attack on this occasion, there is the potential that a nation state would have been the desired end buyer,” added Moore. “As the vaccine programme continues, the demand for the data decreases and we are likely to see less attacks, but this doesn’t mean we should become complacent.”
“Increasing security of intellectual property is paramount; phishing attacks are likely to be one of the most common ways of attempting to exploit data, so staff will need constant reminding to be on guard,” Moore concluded.
Last week intelligence officials in South Korea confirmed that North Korean hackers had attempted to steal Covid-19 vaccine technology from Pfizer.
That came after the European Medicines Agency (EMA) was hacked in December, and valuable documentation concerning the Pfizer/BioNTech Covid-19 vaccine was apparently stolen.
During the past year, cyberattacks against vaccine specialists, healthcare, and drugmakers have risen, as state-backed and criminal hacking groups sought to obtain vital data from rival nations.
It was reported that suspected North Korean hackers had tried to break into the systems of British drugmaker AstraZeneca.
UK and US intelligence officials have previously warned that hackers were attempting to breach the cyber defences of vaccine makers.
In July 2020, the US Department of Justice (DoJ) issued formal charges against two Chinese nationals, accused of stealing hundreds of millions of dollars’ worth of trade secrets and intellectual property.
The two Chinese nationals were also accused of targeting researchers developing a vaccine for the coronavirus.
Also in July 2020, both UK and US intelligence agencies warned that Russian hacking group APT29 (also known as Cozy Bear) was actively targeting researchers developing a Covid-19 vaccine.
Stolen vaccine data can be sold for a healthy profit, western officials have warned, or used to extort vaccine makers, or provide valuable intelligence for foreign governments.
And IBM warned last year that the cold storage supply chain used to transport viable vaccines had come under cyber-attack – probably by a nation state.